Some corporate IT managers are unhappy with Mozilla’s decision to push out new editions of Firefox every six weeks with its new rapid-release program.
Their beefs center around the retirement of Firefox 4 from security support—a move Mozilla decided on this spring when it kicked off its fast-paced regime—and their inability to test any new version before the next comes down the pike.
“The Firefox 4 EOL is a kick in the stomach,” said John Walicki of IBM, referring to the “end of life” of the browser Mozilla launched just three months ago. “I’m now in the terrible position of choosing to deploy a Firefox 4 release with potentially unpatched vulnerabilities, reset the test cycle for thousands of internal apps to validate Firefox 5 or stay on a patched Firefox 3.6.x.”
Walicki, a manager of workplace and mobility in the office of IBM’s CIO, made that observation Thursday in comments to a blog post by Michael Kaply, a consultant who specializes in customizing Firefox and helping clients deploy the open-source browser.
When Mozilla launched Firefox 5 on Tuesday, it immediately retired the predecessor, Firefox 4, from security support, meaning it will not patch vulnerabilities in the three-month old browser. Instead, Mozilla considers Firefox 5 to be not only the newest edition, but also the security update to Firefox 4.
That may work for consumers, but it doesn’t for enterprises, said Al Hilwa, an analyst with IDC.
“A major version change is a big signal to the enterprise that there’s something drastically different, and a signal that [IT] needs to do its due diligence,” said Hilwa. “People in the enterprise are in the habit of evaluating every bit before they put it on workstations.”
Walicki, who did not respond to email requesting an interview, said as much in his comment on Kaply’s blog.
“I have 500,000 corporate users on Firefox 3.6,” Walicki said. “We’re just completing a test cycle of Firefox 4 on many thousands of internal business Web applications. Many hundreds of application owners and their test teams have participated. We gave them several months to ready themselves. We worked with dozens of internal Add-On developers and product teams to prepare their add-ons for Firefox 4. We’re poised to deploy Firefox 4.01 in 3Q when the corporate change freeze lifts. Education programs, documentation updates, communications all are planned.”
IBM adopted Firefox as its default browser in mid-2010.
The problem, said Walicki, is that that time was essentially wasted: IBM has not yet rolled out Firefox 4, and it’s now retired from support. And to repeat the process with Firefox 5 could be just as fruitless.
“By the time I validate Firefox 5, what guarantee would I have that Firefox 5 won’t go EOL when Firefox 6 is released?” he asked.
In fact, that’s just what Mozilla intends to do.
When Firefox 6 ships—it’s now slated to debut Aug. 16—Firefox 5 will be retired, and users will be encouraged to upgrade to that version to receive security updates and any new features packaged with the new browser.
The same will hold true on Sept. 27, when Firefox 7 is to launch, on Nov. 8 with Firefox 8 and on Dec. 20 when Firefox 9 debuts: In each case, the preceding edition will be retired.
“I’m very sympathetic to these enterprise concerns,” said Hilwa. “But it’s more of a sign of the disconnect between consumer and enterprise.”
Consumers don’t have an issue with upgrading to a new browser every six weeks—the success of Chrome, which releases a new edition that frequently, demonstrates that the pace works for them—but it will always be a sticking point with businesses.
Companies want to insure that a new application, especially a browser, doesn’t create compatibility or security problems. And to corporate IT, Firefox 5 is a new browser, not simply a security update for Firefox 4.
“If Firefox 5 is just some cleanup and bug fixes [for Firefox 4], a new version number is the wrong message to send enterprises,” said Hilwa. “That’s the peril of adopting products that aren’t actually licensed, or not even attached to any license, as Internet Explorer is.”
And it’s why corporations continue to use Microsoft’s IE. “This flap shows why Microsoft has been much more conservative in its release schedule,” said Hilwa, “and why they support older versions for such a long time.”
Hilwa said Mozilla has to decide where it wanted to put its time and effort: consumers or enterprise. “This may be a good decision for Mozilla, but it’s a gambit,” he said. “It’s up to Mozilla to figure out how important the enterprise market is to them.”
While Mozilla did not immediately respond to a request for comment on the enterprise complaints about Firefox’s rapid release scheme, a long-time Mozilla employee made it clear that he doesn’t see the corporate market as important.
“Enterprise has never been (and I’ll argue, shouldn’t be) a focus of ours,” said Asa Dotzler, director of Firefox, in a comment appended to a follow-up blog post by Kaply. “Until we run out of people who don’t have sysadmins and enterprise deployment teams looking out for them, I can’t imagine why we’d focus at all on the kinds of environments you care so much about.”
In that same comment, Dotzler dismissed enterprise users of Firefox as “a drop in the bucket, fractions of fractions of a percent of our user base.”
Dotzler’s comment didn’t sit well with Christopher Johnson, a developer who works for Illinois-based custom software firm Geneca.
“You’re basically saying you don’t care about corporations,” Johnson said on Kaply’s blog. “Does that mean you want a large user base to stay attached to IE? Doesn’t that contradict the mission of the Mozilla Corporation?”